b'TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION\n\n\n\n\n                          The Internal Revenue Service\n                      Adequately Prepared for and Responded\n                              to the Austin Incident\n\n\n\n                                        September 21, 2011\n\n                                Reference Number: 2011-10-098\n\n\n\n\n   This report has cleared the Treasury Inspector General for Tax Administration disclosure review process\n    and information determined to be restricted from public release has been redacted from this document.\n\nRedaction Legend:\n\n1 = Tax Return/Return Information       3(d) = Identifying Information of an Individual or Individuals\n\n\n\nPhone Number | 202-622-6500\nEmail Address | TIGTACommunications@tigta.treas.gov\nWeb Site      | http://www.tigta.gov\n\x0c                                                   HIGHLIGHTS\n\n\nTHE INTERNAL REVENUE SERVICE                          Government property, and timely resume\nADEQUATELY PREPARED FOR AND                           business operations following the Austin\nRESPONDED TO THE AUSTIN INCIDENT                      incident. The IRS timely provided extensive\n                                                      personnel services to assess and support\n                                                      affected employee needs, identified temporary\nHighlights                                            office space for the affected employees,\n                                                      awarded several procurements to support the\n                                                      recovery effort in an expedited time period, and\nFinal Report issued on\n                                                      provided the furnishings and equipment needed\nSeptember 21, 2011                                    to resume work within 18 calendar days of the\n                                                      incident.\nHighlights of Reference Number: 2011-10-098\nto the Internal Revenue Service Chief,                However, our audit determined that emergency\nAgency-Wide Shared Services.                          planning for the Echelon I building was not\n                                                      complete, as none of the business resumption\nIMPACT ON TAXPAYERS                                   plans for the eight business units located at the\nOn February 18, 2010, a single-engine airplane        Echelon I building included all of the required\nwas intentionally flown into the Echelon I            elements. In addition, the salvage contract used\nbuilding in Austin, Texas. The Internal Revenue       to recover documents, including taxpayer data at\nService (IRS) adequately prepared for and took        the incident site, did not include all of the\nthe necessary actions to respond to and recover       required security provisions and did not contain\nfrom this incident, which ensured that the IRS        an official designation appointing a Contracting\ntimely resumed normal business operations. An         Officer\xe2\x80\x99s Technical Representative. However,\nextended disruption to IRS facilities could affect    these issues did not have a material impact on\nkey processes such as assessing and collecting        the response to the Austin incident and, taken\ntaxes, processing tax returns and refunds, and        as a whole, the IRS preparation and response\nresponding to taxpayer inquiries.                     ensured that the effect of the Austin incident on\n                                                      IRS employees and tax administration was\nWHY TIGTA DID THE AUDIT                               minimized.\nThis audit was initiated because effective            WHAT TIGTA RECOMMENDED\ncontinuity planning and emergency\npreparedness can facilitate the IRS\xe2\x80\x99s ability to      TIGTA recommended that the Chief,\nprepare for, respond to, and recover from             Agency-Wide Shared Services: 1) ensure that\nemergencies. These efforts include providing          lessons learned relative to the business\npersonnel services to support employee needs          resumption plans are applied to the\nand restoring critical functions. The audit was       development of the new continuity plans and\nrequested by the IRS Chief, Agency-Wide               2) include on the lessons learned document and\nShared Services. The overall objective was to         the Incident Management Plan template the\ndetermine whether the IRS was adequately              provisions for emergency procurements.\nprepared for and took the necessary actions to        IRS officials agreed with our recommendations\nprotect IRS employees, taxpayer data, and             and stated that the IRS has distributed\nFederal Government property and to resume             supplemental guidance on the development of\nnormal business operations following the              continuity plans, initiated annual quality\nairplane crash into the Austin, Texas, Echelon I      assurance reviews of these plans, and plans to\nbuilding (hereafter referred to as the Austin         apply the lessons learned in the development of\nincident).                                            the new continuity plans. The IRS also plans to\nWHAT TIGTA FOUND                                      update the lessons learned document and the\n                                                      Incident Management Plan template to reflect\nThe IRS adequately prepared for and took the          that emergency procurements are required to\nnecessary actions to evacuate and protect IRS         comply with the Federal Acquisition Regulation\nemployees, secure taxpayer data and Federal           and other procurement policies and procedures.\n\x0c                                             DEPARTMENT OF THE TREASURY\n                                                  WASHINGTON, D.C. 20220\n\n\n\n\nTREASURY INSPECTOR GENERAL\n  FOR TAX ADMINISTRATION\n\n\n\n\n                                           September 21, 2011\n\n\n MEMORANDUM FOR CHIEF, AGENCY-WIDE SHARED SERVICES\n\n\n FROM:                   (for) Michael R. Phillips\n                               Deputy Inspector General for Audit\n\n SUBJECT:                     Final Audit Report \xe2\x80\x93 The Internal Revenue Service Adequately\n                              Prepared for and Responded to the Austin Incident\n                              (Audit # 201110006)\n\n This report presents the results of our review to determine whether the Internal Revenue Service\n was adequately prepared for and took the necessary actions to protect Internal Revenue Service\n employees, taxpayer data, and Federal Government property and to resume normal business\n operations following the airplane crash into the Austin, Texas, Echelon I building. This review\n is included in our Fiscal Year 2011 Annual Audit Plan and addresses the major management\n challenge of Security.\n Management\xe2\x80\x99s complete response to the draft report is included as Appendix VI.\n Copies of this report are also being sent to the Internal Revenue Service managers affected by the\n report recommendations. Please contact me at (202) 622-6510 if you have questions or\n Nancy A. Nakamura, Assistant Inspector General for Audit (Management Services and Exempt\n Organizations), at (202) 622-8500.\n\x0c                                     The Internal Revenue Service Adequately\n                                 Prepared for and Responded to the Austin Incident\n\n\n\n\n                                            Table of Contents\n\nBackground .......................................................................................................... Page 1\n\nResults of Review ............................................................................................... Page 4\n          The Internal Revenue Service Effectively Prepared for\n          and Responded to the Austin Incident .......................................................... Page 4\n          Business Resumption Plans for the Austin Echelon I\n          Building Did Not Include All the Required Elements .................................. Page 10\n                    Recommendation 1:........................................................ Page 11\n\n          Actions Are Needed to Better Facilitate Contract\n          Development and Administration ................................................................. Page 11\n                    Recommendation 2:........................................................ Page 13\n\n\nAppendices\n          Appendix I \xe2\x80\x93 Detailed Objective, Scope, and Methodology ........................ Page 14\n          Appendix II \xe2\x80\x93 Major Contributors to This Report ........................................ Page 17\n          Appendix III \xe2\x80\x93 Report Distribution List ....................................................... Page 18\n          Appendix IV \xe2\x80\x93 Timeline of Incident Response ............................................ Page 19\n          Appendix V \xe2\x80\x93 Key Lessons Learned From the Incident Response .............. Page 21\n          Appendix VI \xe2\x80\x93 Management\xe2\x80\x99s Response to the Draft Report ...................... Page 24\n\x0c           The Internal Revenue Service Adequately\n       Prepared for and Responded to the Austin Incident\n\n\n\n\n                Abbreviations\n\nBRP       Business Resumption Plan\nCOTR      Contracting Officer\xe2\x80\x99s Technical Representative\nGSA       General Services Administration\nIMP       Incident Management Plan\nIMT       Incident Management Team\nIRS       Internal Revenue Service\nOEP       Occupant Emergency Plan\nSCR       Senior Commissioner\xe2\x80\x99s Representative\n\x0c                                 The Internal Revenue Service Adequately\n                             Prepared for and Responded to the Austin Incident\n\n\n\n\n                                             Background\n\nThe Internal Revenue Service (IRS) is responsible for helping America\xe2\x80\x99s taxpayers to understand\nand meet their tax responsibilities and for the enforcement of the Nations\xe2\x80\x99 tax laws as enacted by\nCongress. The IRS collects the taxes1 that fund the Federal budget, supporting public programs\n(e.g., human services, national defense, Social Security and Medicare, and education) and the\npayment of the national debt. The IRS Commissioner describes the IRS as an agency of\nprofessionals working to serve the hardworking taxpayers of this country: processing returns,\nsending out refunds, answering questions on the phone, and trying to help people navigate a\ncomplicated tax system.2\nIRS employees provide Americans with a valuable service; however, the dedicated men and\nwomen of the IRS are often under-appreciated public servants and increasingly have become the\ntargets of violent threats.3 On February 18, 2010, ***1***3(d)********* intentionally flew an\nairplane into an IRS building in Austin, Texas, killing himself and an IRS employee and injuring\n13 others (hereafter referred to as the Austin incident).4 The contents of the building were almost\na total loss, and the damage to the building structure was significant enough to require the IRS to\nimmediately find new space for the affected employees.\nTo facilitate the performance of critical functions in emergency situations, the Federal\nGovernment established policies that provide direction to Federal agencies for continuity\nplanning and programs. In May 2007, National Security Presidential Directive-515 was issued\nby the President to establish and maintain a comprehensive and effective national continuity\ncapability in order to ensure the continuing performance of national essential functions under all\nconditions. To provide the operational guidance to implement this policy, the Department of\n\n1\n  The IRS is a bureau of the Department of the Treasury and one of the world\xe2\x80\x99s most efficient tax administrators. In\nFiscal Year 2010, the IRS collected more than $2.3 trillion in revenue and processed more than 230 million tax\nreturns.\n2\n  The Prepared Remarks of IRS Commissioner Douglas H. Shulman at the National Press Club (IR-2010-41,\nApril 5, 2010).\n3\n  In recent years, the Treasury Inspector General for Tax Administration has investigated roughly 900 threats made\nagainst IRS employees annually. In Fiscal Year 2009, that number climbed above 1,000. In addition, Treasury\nInspector General for Tax Administration Semiannual Report to Congress October 1, 2010\xe2\x80\x93March 31, 2011,\nindicated that threats have continued to escalate, with 723 reported for the 6-month period ending March 31, 2011.\nTreasury Inspector General for Tax Administration investigations include both threat investigations (a direct,\nspecific threat of violence) and threat assessment investigations (when groups or individuals may pose a threat to an\nIRS employee or facility).\n4\n  The United States House of Representatives approved a resolution (House Resolution 1127) on March 3, 2010,\nacknowledging the incident at the Echelon I building and strongly condemned the terror attack perpetrated\ndeliberately against Federal employees of the IRS in Austin, Texas.\n5\n  National Continuity Policy \xe2\x80\x93 Homeland Security Presidential Directive-20 (NSPD-51/HSPD-20).\n                                                                                                             Page 1\n\x0c                                 The Internal Revenue Service Adequately\n                             Prepared for and Responded to the Austin Incident\n\n\n\nHomeland Security, in coordination with its interagency partners, developed Federal Continuity\nDirective 1. The purpose of this Federal Continuity Directive is to provide direction for the\ndevelopment of continuity plans and programs for the Federal Executive Branch. Effective\ncontinuity planning and programs facilitate the performance of critical functions during all\nhazards, emergencies, or other situations that may disrupt normal operations.\nThe IRS had a process in place to guide employees when an emergency incident occurred. The\nIRS process included a combination of four integrated plans called the Business Continuity Suite\nof Plans. These plans were used to prepare for, respond to, and recover from the incident. The\nSuite of Plans included the Occupant Emergency Plan (OEP), the Incident Management Plan\n(IMP), the Business Resumption Plan (BRP), and the Disaster Recovery Plan.\n    \xe2\x80\xa2    The OEP provides procedures for protecting people and property during a crisis situation,\n         and its primary focus is the safe evacuation of personnel.\n    \xe2\x80\xa2    The IMP provides procedures to control and coordinate all activities needed to manage an\n         incident throughout the incident response.\n    \xe2\x80\xa2    The BRP provides procedures for recovering business operations immediately following\n         a disaster.\n    \xe2\x80\xa2    The Disaster Recovery Plan is the information technology plan that includes recovery of\n         critical information technology infrastructure, network, hardware, systems, applications,\n         and operating systems.6 Our review was limited to addressing how the IRS salvaged the\n         data on the computers and the computer replacement.\nIncident response is a multifunctional activity at the IRS. When an incident occurs, the local\nSenior Commissioner\xe2\x80\x99s Representative (SCR)7 assumes the role of Incident Commander.8 The\nrest of the Incident Management Team (IMT) consists of employees from the different business\nunits at the IRS. When an emergency occurs, it is important to timely resume business\noperations because an extended disruption to IRS facilities could affect key processes such as\nassessing and collecting taxes, processing tax returns and refunds, and responding to taxpayer\ninquiries.\n\n\n6\n  The Disaster Recovery Plan is the written instructions for processing critical applications in the event of a major\nhardware or software failure or destruction of facilities. The Disaster Recovery Plan is a support piece, focusing on\nthe recovery of the systems and data, ensuring that the cyber technology can enable the continuance of the essential\nbusiness functions.\n7\n  The SCRs address time-sensitive administrative issues and direct activities in critical emergency incidents that\naffect IRS facilities, provide leadership and direction to Commissioner\xe2\x80\x99s Representatives, and coordinate local\nadministrative programs, such as flu shots.\n8\n  The Incident Commander is directly responsible for frontline management of the incident. The Incident\nCommander, in conjunction with the other onsite Business Team Managers, will develop and implement response\nstrategies and utilize Disaster Recovery and BRPs for recovery of business operations.\n                                                                                                              Page 2\n\x0c                            The Internal Revenue Service Adequately\n                        Prepared for and Responded to the Austin Incident\n\n\n\nWhen a disaster affects the IRS, the Suite of Plans are executed and are intended to be\ncontinually referenced during the entire incident response and business resumption efforts. Each\nfunction within each IRS building was required to have a BRP. These plans were used to\nidentify the critical functions at the incident location and the process and resources needed to get\nthe IRS back to normal operations. In September 2008, the IRS updated its policy and replaced\nthe BRPs with requirements for continuity plans. We were advised that the IRS started\nimplementing the continuity planning requirements at the end of Calendar Year 2009 and\ncontinued throughout Calendar Year 2010. During this transitional time, the BRPs were used by\nthe business units to respond to the Austin incident. We did not review the IRS continuity plans\nas they were not in place at the time of the incident. However, we plan to conduct a future\nTreasury Inspector General for Tax Administration audit on IRS continuity planning.\nThe IMP template is an identical template made up of checklists used by the SCRs for all IRS\nfacilities within their region to ensure continuity. The portion of the IMP that is more\nindividualized and site-specific is the section of the document that identifies the command and\ngeneral staffs of the IMT. When an incident occurs, the IMP identifies the employees\naccountable for each responsibility area of the incident response.\nThis review was performed at the IRS National Headquarters in Washington, D.C., in the office\nof Agency-Wide Shared Services during the period March through June 2011. Site visits were\nalso made to IRS offices in Austin, Texas, and Nashville, Tennessee. We conducted this\nperformance audit in accordance with generally accepted government auditing standards. Those\nstandards require that we plan and perform the audit to obtain sufficient, appropriate evidence to\nprovide a reasonable basis for our findings and conclusions based on our audit objective. We\nbelieve that the evidence obtained provides a reasonable basis for our findings and conclusions\nbased on our audit objective. Detailed information on our audit objective, scope, and\nmethodology is presented in Appendix I. Major contributors to the report are listed in\nAppendix II.\n\n\n\n\n                                                                                             Page 3\n\x0c                                 The Internal Revenue Service Adequately\n                             Prepared for and Responded to the Austin Incident\n\n\n\n\n                                       Results of Review\n\nThe IRS adequately prepared for and took the necessary actions to evacuate and protect IRS\nemployees, secure taxpayer data and Federal Government property, and timely resume business\noperations following the Austin incident. The IRS provided extensive personnel services to\nsupport employee needs, identified temporary office space for the affected employees, awarded\nseveral procurements to support the recovery effort in an expedited time period, and provided the\nfurnishings and equipment that facilitated the resumption of work within 18 calendar days of the\nincident.\nHowever, our audit determined that emergency planning for the Echelon I building was not\ncomplete, as none of the BRPs for the eight business units located at the Echelon I building\nincluded all of the required elements. In addition, a salvage contract used to recover documents,\nincluding taxpayer data, at the incident site did not include all of the required security provisions\nand did not contain an official designation appointing a Contracting Officer\xe2\x80\x99s Technical\nRepresentative (COTR). However, these issues did not have a material impact on the response\nto the Austin incident and, taken as a whole, the IRS preparation and response ensured that the\neffect of the Austin incident on IRS employees and tax administration was minimized.\n\nThe Internal Revenue Service Effectively Prepared for and Responded\nto the Austin Incident\nPrior to the incident, the IRS prepared for emergency situations at the Echelon I building by\nperforming drills for the evacuation of employees from the facility and by conducting IMT\nexercises that focused on the resumption of business operations subsequent to an emergency\nincident.9 The IRS prepared and tested an OEP for the Echelon I building, which facilitated a\nprompt evacuation of the building after the incident. The IRS had also developed an IMP for\nresponding to, recovering from, and mitigating the effects of incidents at the Echelon I building.\nFollowing the incident and building evacuation, the IRS ensured that security of the building was\nsufficient to protect taxpayer data and Federal Government property, employees\xe2\x80\x99 needs were\nassessed and addressed, new temporary office space was identified, procurement activities were\nexpedited, and business operations resumed as early as was practical given the severity of the\nincident. In addition, IRS executives took actions IRS-wide as a result of the Austin incident.\n\n\n\n9\n  We determined that the IRS emergency planning included the preparation of the OEP, IMP, and BRP. Our audit\nincluded a review of the completeness of these plans, but we did not test these plans for accuracy. We identified that\nthe IRS\xe2\x80\x99s BRPs were not complete. See Page 10 of this report for details. However, we did not identify any\nmaterial deficiencies within the OEP and IMP documents.\n                                                                                                             Page 4\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\nAdditional details on the IRS preparation and response to the Austin incident follow. See\nAppendix IV for a timeline of the incident response.\n\nThe Echelon I building was promptly evacuated\nThe IRS reported that there were 198 IRS employees assigned to the Echelon I building and\n101 employees were in the building on the day the incident occurred. The building occupants\nwere able to evacuate to safety within a matter of minutes due to the courageous actions of IRS\nonsite personnel, other first responders, and a local citizen.10\nFederal law11 mandates the use of OEPs,12 and IRS guidance requires the development of an OEP\nas well as annual testing of the plans by performing evacuation drills. Our audit determined that\nthe IRS had an OEP in place and that the OEP had been tested within 1 year (11 months) prior to\nthe incident. The OEP for the Echelon I building provided instructions for actions to be taken in\nthe event of an emergency, the assignments and duties of the Occupant Emergency\nOrganization,13 and contact information for key members of the emergency response. Our\ndiscussions with local IRS management and review of the incident timeline found that the\nEchelon I building was promptly evacuated. Based on witness accounts, the building was\nevacuated in approximately 5 minutes. The IRS credited the seriousness that the Echelon I\nbuilding employees applied towards the evacuation drills as an important factor in the rapid\nbuilding evacuation and in keeping injuries as a result of the incident to a minimum.\n\nThe response to the incident was effectively coordinated\nIn December 2008, the Department of Homeland Security issued the National Incident\nManagement System, which provides a consistent nationwide template to enable the Federal\nGovernment to prevent, protect against, respond to, recover from, and mitigate the effects of\nincidents. While IRS policy does not include any requirements addressing what should be\nincluded in its IMPs, the National Incident Management System contains requirements for\nresponding to incidents, and the IRS\xe2\x80\x99s IMP we reviewed met those requirements relating to the\nIMT command structure and the duties and responsibilities of the team members.\nThe IRS developed and then adequately implemented the IMP to coordinate its response to the\nincident. Our review of the IMP determined that the IRS had an IMP organization chart for the\nEchelon I building that identified the IMT responsible for an emergency at that location. We met\nwith the general staff of the IMT and the Incident Commander and determined that they\n\n10\n   A passer-by stopped and used his ladder to rescue six people trapped on the second floor of the Echelon I\nbuilding.\n11\n   41 C.F.R. \xc2\xa7 101-20.5, et seq.\n12\n   The Federal Government has responsibility for minimizing danger to life and property arising from the effects of\nfires, bomb threats, bombings, civil disturbances, and other disasters affecting Federal Government employees.\n13\n   The emergency response organization comprised of employees who have been designated and trained by the\nDesignated Official to carry out the requirements of the OEP.\n                                                                                                            Page 5\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\nunderstood their responsibilities when responding to emergency situations. In addition, local\nIRS managers affected by the incident had high praise for the IMT and the response as a whole.\nDue to the severity of the Austin incident, the Incident Commander made a decision to bring in\ntwo additional SCRs to assume the roles of the Planning Section and Operation Section Chief of\nthe IMT. This staffed these vital roles with IRS employees who had prior experience in\nproviding support and direction in emergency response situations. The IMT also documented the\nactions they took during the incident through the use of an incident response timeline, minutes of\nIMT meetings, and status reports. In our discussions with IRS executives, they expressed that\nthe level of cooperation within the IRS was an essential aspect in responding to the incident.\nThey indicated that everyone in the organization worked together, and there was never a concern\nfor an individual employee\xe2\x80\x99s rank or business unit, which resulted in a highly motivated,\neffective, and cohesive team. From a Headquarters perspective, the IMT was fully empowered\nto handle the incident response.\nWhen the incident response was complete, the IMT solicited input from key participants\ninvolved with the response and prepared a list of lessons learned. Some of the lessons learned\nwere used to update the IMP template in preparation for future incidents. The updates covered\nissues such as communications with taxpayers, changes to the asset retrieval team within the\nIMT command structure, use of a floor plan to identify the location of vital records, and the use\nof a single location to address employee needs and other pay and benefit-related issues. In\naddition, all SCRs were briefed on the lessons learned from the incident. See Appendix V for a\nlist of key lessons learned.\n\nEmployee needs were identified and addressed\nFederal Continuity Directive 1 addresses the unique human capital requirements that are needed\nto support an effective emergency response. Agencies must implement a process to\ncommunicate their human capital guidance for emergencies (pay, leave, staffing, and other\nhuman resources flexibilities) to managers and make staff aware of that guidance in an effort to\nhelp agencies continue critical functions during an emergency. The IRS used its personnel\nservices to provide support to the employees affected by the incident. After the incident, the IRS\nplaced the affected employees on 2 to 3 weeks of administrative leave, during which time the\nIRS made counselors available through its Employee Assistance Program14 and held twice daily\nconference calls to brief employees on the incident response and to field any questions or\nconcerns from affected employees.\n\n\n\n\n14\n  The Employee Assistance Program is a free benefit program that provides confidential services to IRS managers,\nemployees, and their family members. The program provides access to a nationwide counseling network to help\nemployees deal with a variety of personal and work related problems.\n                                                                                                         Page 6\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\nThe IRS also set up a \xe2\x80\x9cOne-Stop Shop\xe2\x80\x9d employee assistance center at the Austin Campus15 and\nstaffed it with Human and Employee Relations specialists from the IRS Benefits and Services\nTeam, Employee Assistance Program, and IRS Worker\xe2\x80\x99s Compensation Center. The employee\nassistance center had employees onsite to talk with affected employees and provide individual\nassistance. Within 4 days of the incident, the IRS prepared and distributed a survey to the\naffected employees to determine equipment needs, reasonable accommodation needs, and any\nother special needs. The IRS used the results of the surveys as the basis for ensuring that\nemployees had the tools and resources they needed to return to work.\nThe assistance center provided packets of information to address various employee issues,\nincluding:\n     \xe2\x80\xa2   Federal Bureau of Investigation\xe2\x80\x99s Victim Assistance Unit and American Red Cross\n         contact information.\n     \xe2\x80\xa2   IRS Benefits and Services Team information (e.g., retirement benefits, life insurance, and\n         health insurance).\n     \xe2\x80\xa2   IRS Worker\xe2\x80\x99s Compensation Center benefits counseling information and application\n         forms for those considering filing a Worker\xe2\x80\x99s Compensation claim.\n     \xe2\x80\xa2   Social Security Administration contact numbers for those who lost their Social Security\n         cards.\n     \xe2\x80\xa2   Texas Department of Public Safety contact numbers for those who lost their driver\xe2\x80\x99s\n         licenses.\nAs the Echelon I building employees returned to work, the IRS continued to provide the\nemployees with access to individual counseling to support their recovery from the Austin\nincident. The IRS also expanded the number of individual counseling sessions normally\nprovided as an employee benefit through the Employee Assistance Program.\nAdditionally, the IRS assisted employees in the recovery of personal items due to the incident,\nsuch as purses, briefcases, office memorabilia, professional certificates, and photos. In addition,\nthe IRS Office of General Legal Services processed and paid claims under the Military Personnel\nand Civilian Employee Compensation Act16 in cases where employees experienced loss or\ndamage of personal property.\n\n\n\n\n15\n   The data processing arm of the IRS. The campuses process paper and electronic submissions, correct errors, and\nforward data to the Computing Centers for analysis and posting to taxpayer accounts.\n16\n   31 U.S.C. \xc2\xa7 3721.\n                                                                                                          Page 7\n\x0c                                 The Internal Revenue Service Adequately\n                             Prepared for and Responded to the Austin Incident\n\n\n\nTaxpayer data and Federal Government property were generally protected\nIRS guidance requires the protection of vital resources, facilities, records, and taxpayer data. It\nalso requires that the IRS follow certain procedures when disposing of computer equipment.\nBecause of smoke and fire damage, it was necessary for the IRS to replace all of the computers\nin the Echelon I building. The IRS took appropriate preventative measures to secure and protect\ntaxpayer data and Federal Government property following the incident.\nAfter the incident, the Echelon I building was immediately secured by a perimeter fence and\n24-hour guard service to prevent access to the taxpayer data still located in the damaged\nbuilding. The contractor who performed the salvage work,17 including the removal of the surface\nsoot and dirt from computers, laptops, CPUs, and personal computers, moved the computers\nfrom the damaged areas to a safe area of the building. At this juncture, IRS Modernization and\nInformation Technology Services organization representatives took control of the computers,\nsalvaged data when possible, removed hard drives, and then subsequently disposed of the\ndamaged computer equipment. Our evaluation of the IRS\xe2\x80\x99s process to recover and dispose of the\ndata in the damaged computers found that the IRS took the necessary steps to ensure that\ntaxpayer data were secure during the disposal process.\nIn addition, the IRS and the vendor properly controlled the damaged paper documents and other\nrecovered items during the salvage process.18 The vendor placed the damaged items in boxes,\nand the boxes were numbered and labeled with the location of the recovery. The box numbers\nallowed the IRS to ensure that all of the boxes were returned. We judgmentally selected an\ninventory sheet of 40 boxes sent to the contractor and traced these box numbers to the list of\nboxes returned to the IRS. We determined that the 40 boxes in the salvage inventory were\nreturned to the IRS. The location listed on the box label also enabled the IRS to determine which\nemployee the recovered items belonged to. The IRS set up a secure area at the Austin Campus to\nstore cleaned items returned by the contractor. The employees were then notified to report to\nthis area to claim their items.\n\nNew office space for affected employees was quickly obtained\nThe IRS identified interim office space at the Austin Campus for the affected employees and\nprovided the furnishings and equipment needed to resume work within 18 calendar days of the\nincident. We determined the security over the Austin Campus met the Interagency Security\nCommittee security standards and that the Echelon I building employees were provided adequate\nsecurity while at this interim location. The IRS then worked with the General Services\nAdministration (GSA) to conduct a market survey and identified suitable office space for all\n\n\n17\n   The contractor removed and cleaned paper documents and personal items damaged in the incident. We plan to\nconduct a future audit identifying the costs associated with the Austin incident.\n18\n   This contract did not include all required security provisions and did not contain an official designation appointing\na COTR. See Page 11 of this report for further information.\n                                                                                                               Page 8\n\x0c                                 The Internal Revenue Service Adequately\n                             Prepared for and Responded to the Austin Incident\n\n\n\ndisplaced Echelon I building employees. The Echelon I building employees moved into the new\noffice building within 5 months19 of the Austin incident.\nWhen the 2-year lease for this building was signed on March 30, 2010, the new building met the\nInteragency Security Committee security standards in place at that time. Subsequently, on\nApril 12, 2010, the Department of Homeland Security issued new security standards for Federal\nGovernment facilities. Although the newly leased site does not comply with the more stringent\nrequirements under the new Interagency Security Committee standards, the IRS is not required to\nconform to these new standards as they were not in effect when the lease was finalized. We\nwere advised by the IRS that it plans to consider these revised security standards when selecting\na permanent office space location when the current lease expires in July 2012.\n\nAdditional actions were taken IRS-wide in response to the incident\nOur discussions with IRS executives identified other actions taken to address security and\nemergency preparedness at a national level. This included but was not limited to:\n     \xe2\x80\xa2   Increasing the number of security guards at all Taxpayer Assistance Centers20 nationwide\n         and to all of the IRS buildings in Austin.\n     \xe2\x80\xa2   Coordinating with the Department of Homeland Security and the Federal Bureau of\n         Investigations to investigate the incident.\n     \xe2\x80\xa2   Awarding a contract to conduct risk assessments of physical security at all facilities\n         across the country that are occupied by IRS employees.\n     \xe2\x80\xa2   Forming a working group, consisting of senior managers from the Wage and Investment\n         and Small Business/Self-Employed Divisions, to examine the execution of the IRS armed\n         escort program.\nOur discussions with IRS executives also identified lessons learned at the IRS executive level.\nThis included issues such as:\n     \xe2\x80\xa2   The critical importance of taking evacuation drills and table-top exercises seriously. IRS\n         executives indicated that they are reflecting back on the lessons learned in Austin and\n         using the rapid evacuation of the Echelon I building as a learning tool in current\n         emergency preparedness and awareness programs in other locations.\n     \xe2\x80\xa2   Identifying and establishing a network of external sources who offer assistance to trauma\n         victims of disasters or emergencies with numerous other Federal and State agencies. For\n\n\n19\n   The IRS moved into the new office space on July 6, 2010, and received the final shipment of recovered\ndocuments on July 28, 2010.\n20\n   Taxpayer Assistance Centers are a taxpayer\xe2\x80\x99s source for personal tax help when the taxpayer believes his or her\ntax issue cannot be handled online or by telephone.\n                                                                                                            Page 9\n\x0c                                  The Internal Revenue Service Adequately\n                              Prepared for and Responded to the Austin Incident\n\n\n\n         example, the Federal Bureau of Investigation\xe2\x80\x99s Victim Assistance Unit, State of Texas,\n         and National Transportation Safety Board all offered and provided IRS employee\n         assistance.\n     \xe2\x80\xa2   Identifying IRS employees nationwide with prior experience in providing direction\n         during emergency situations. This was a critical human capital aspect because it\n         significantly expedited the IRS response and recovery.\n\nBusiness Resumption Plans for the Austin Echelon I Building Did Not\nInclude All the Required Elements\nIRS policy states that the objective of the BRP is to resume processing of critical functions as\nquickly as possible and eventually the resumption of full, normal operations.21 To achieve this\nobjective, the business units must identify and include lists in the BRPs of its vital records22 and\ncritical business processes.23 When planning for an emergency situation, a complete BRP is\nnecessary for the IMT to prioritize business resumption needs. In a previous audit,24 we reported\nthat the IRS BRPs were not complete and would not facilitate the efficient recovery of critical\nbusiness processes. Our review of the BRPs for the business units located at the Echelon I\nbuilding found that none of the eight BRPs included all of the required elements. The missing\ninformation included a list of the vital records of the business unit, the critical functions\nperformed at the location, and the equipment needed to perform the critical functions.\nIRS policy does not identify who is responsible for an independent review of the BRPs. The IRS\ninformed us it was the responsibility of the business units; however, a review process was not\nimplemented. For example, in one IRS business unit, the review of the plans was limited to\ndetermining whether all of the information was present and not whether it was accurate. This\nIRS business unit was in the process of developing a certification process through which an\nexecutive would certify completeness of the BRPs. However, this process was discontinued as a\nresult of the IRS\xe2\x80\x99s migration away from BRPs to continuity plans.\nDespite the incomplete BRPs, the IMT was able to quickly obtain the missing information from\nthe business unit representatives on the IMT in responding to the Austin incident, and we did not\nidentify an adverse effect on the Austin response or subsequent recovery. The IRS\xe2\x80\x99s ability to\ntimely recover its critical processes in Austin were grounded in its experience in recovering from\n\n\n21\n   Normal operations refers to the broad functions undertaken by an organization when it is assigned responsibility\nfor a given functional area. These functions include the planning and execution of day-to-day tasks.\n22\n   Vital records are the records essential to the continued functioning or reconstitution of an organization during and\nafter an emergency.\n23\n   Critical business processes are those business processes and functions at the facility that are considered critical to\nthe ongoing operation of the business unit. These processes and functions should be recovered or resumed first.\n24\n   Weaknesses in Business Resumption Plans Could Delay Recovery From a Disaster (Reference\nNumber 2008-20-178, dated September 17, 2008).\n                                                                                                                Page 10\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\nprevious disasters and emergency incidents and the foresight it demonstrated by putting the right\npeople in place without delay who were cognizant of the details and strategies they should follow\nafter a disaster. Lesser experienced personnel may have found themselves at a disadvantage\nwithout current, complete BRPs. When BRPs do not include all of the required information,\nthere is an increased risk that the BRPs will not facilitate the efficient recovery of critical\nbusiness processes. The IMT members recognized that the BRPs were incomplete and included\nthis concern as part of their lessons learned document.\n\nRecommendation\nRecommendation 1: The Chief, Agency-Wide Shared Services, should ensure that lessons\nlearned relative to the BRPs are applied to the development of the new continuity plans.\n        Management\xe2\x80\x99s Response: The Chief, Agency-Wide Shared Services, agreed with\n        our recommendation and stated that the IRS has distributed supplemental guidance on the\n        development of continuity plans, initiated annual quality assurance reviews of these\n        plans, and plans to apply the lessons learned from the Austin incident in the development\n        of the new continuity plans.\n\nActions Are Needed to Better Facilitate Contract Development and\nAdministration\nOn March 3, 2010, the IRS placed a task order against a GSA contract with a vendor for cleanup\nand recovery services of sensitive documents and employee personal effects damaged in the\nAustin incident. Some of the documents salvaged included taxpayer data. IRS policy states that\nprocurement solicitations and contracts shall include a clause that requires position risk\ndesignations for contractor employee background investigation or screening for access to IRS\nfacilities or sensitive taxpayer data. Department of the Treasury Acquisition Regulations also\nrequire contracting officers25 to formally delegate authority to a COTR for all contractual actions\nexceeding the simplified acquisition threshold26 of $150,000. This step ensures that COTRs are\nfully informed of what they must do and also what they cannot do on a particular contract. It\nalso protects the Federal Government from the harmful effects of COTRs acting beyond the\nscope of their authority or acting without authority, which could lead to unauthorized\ncommitments and work that is not completed in full compliance with contractual terms and\nconditions.\n\n\n25\n   Contracting officers serve as the legal agents of the Federal Government responsible for the integrity of the\ncontracting process.\n26\n   Purchases of supplies or services less than $150,000 using simplified procedures described in Federal Acquisition\nRegulation Part 13. Simplified acquisitions include purchase card buys, purchase orders, electronic purchasing, task\nand delivery orders against established contracts, imprest fund buys, and blanket purchase agreements.\n                                                                                                           Page 11\n\x0c                            The Internal Revenue Service Adequately\n                        Prepared for and Responded to the Austin Incident\n\n\n\nThe COTR is also responsible for designating and documenting the risk level of each position\nwithin the contract. Additionally, the policy requires that IRS personnel determine whether\nsensitive taxpayer data to which contractor personnel require access warrants execution of a\nnondisclosure agreement. For these situations, the IRS uses a standard nondisclosure agreement\nfor its procurements.\nOur review of the document salvage contract identified several concerns. These include:\n   \xe2\x80\xa2   The contract did not include a security assessment addressing whether or not background\n       checks of the contract workers were necessary.\n   \xe2\x80\xa2   The contract did not include a requirement for the contractor employees to sign a form\n       addressing the nondisclosure of taxpayer data and the penalties for inappropriate\n       disclosure. While the contract employees signed nondisclosure statements for grand jury\n       materials, this does not address nondisclosure of taxpayer data nor does it address the\n       penalties for disclosure of taxpayer data. One of the purposes of having employees sign\n       the form is to make sure that they are aware of the penalties for inappropriate disclosure\n       of taxpayer data.\n   \xe2\x80\xa2   The contract file did not contain an official designation formally appointing a COTR.\nAs is often the case in attempting to award procurements in an emergency environment, the\nurgency of the situation and short time periods resulted in contractual errors. However, we\nfound no evidence that the sensitive taxpayer data that were the subject of the salvage operation\nwere treated improperly by the contractors. The IRS believed that the contract provisions for\nofficially appointing a COTR and the nondisclosure of taxpayer data were overlooked because of\nthe emergency conditions that were present at the time of the contract award. In addition, the\nIRS believes that the provision for background checks of the contractor personnel was not\nincluded in the contract because they did not have the time to conduct the investigations due to\nthe urgent nature of the contract. The IRS requested an expedited awarding of the contract\nbecause the Echelon I building\xe2\x80\x99s windows were blown out and the contents of the building were\nexposed to weather conditions. As a result, the IRS Office of Procurement completed the\nprocurement action in a very short period of time in an effort to support the Austin recovery\nefforts. In addition, the IRS believed that the contractor\xe2\x80\x99s employees may have had the required\nbackground checks because of prior reclamation work they had performed for other Federal\nGovernment agencies.\nWhile we are not aware of any instances of contractor employees disclosing taxpayer data, the\nfailure to have contractor employees sign the correct nondisclosure form may make it more\nlikely that the employees may disclose taxpayer data because they may not have an\nunderstanding of its sensitivity. The lack of the required security provisions (i.e., a security\nassessment for the contractor and the background investigations for contractor employees) and\nproper contract administration (i.e., the failure to appoint a COTR to oversee these requirements\nand obtain the proper nondisclosure statements) were not included as part of the incident\n                                                                                          Page 12\n\x0c                           The Internal Revenue Service Adequately\n                       Prepared for and Responded to the Austin Incident\n\n\n\nresponse lessons learned document. The lessons learned document and the IMP template should\nbe updated to include the security and administration aspects of emergency procurements to\nguide the future IMTs.\n\nRecommendation\nRecommendation 2: The Chief, Agency-Wide Shared Services, should ensure that the\nlessons learned document and the IMP template are updated to reflect the required provisions\nthat emergency procurements include compliance with the Federal Acquisition Regulation and\nother applicable procurement procedures and policies, including required security provisions.\n       Management\xe2\x80\x99s Response: The Chief, Agency-Wide Shared Services, agreed with\n       our recommendation and stated that the IRS will update the lessons learned document\n       and the IMP template to reflect that emergency procurements must include the required\n       provisions to be in compliance with the Federal Acquisition Regulation and other\n       applicable procurement procedures and policies, including all required security\n       provisions.\n\n\n\n\n                                                                                        Page 13\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\n                                                                                                Appendix I\n\n         Detailed Objective, Scope, and Methodology\n\nThe overall objective was to determine whether the IRS was adequately prepared for and took\nthe necessary actions to protect IRS employees, taxpayer data, and Federal Government property\nand to resume business operations following the airplane crash into the Austin, Texas,1 Echelon I\nbuilding. To accomplish this objective, we:\nI.      Determined whether the IRS took adequate preventative measures to protect IRS\n        employees and whether IRS employees were adequately supported following the\n        incident.\n        A. Obtained the OEP for the Echelon I building to determine whether it helped the IRS\n           and its employees prepare for an evacuation of the building.\n        B. Determined whether IRS employees were evacuated from the premises to the\n           designated evacuation location and accounted for within a reasonable time following\n           the incident.\n        C. Evaluated the personnel services that were provided to the employees after the\n           incident and determined whether the IRS adequately supported the employees in\n           dealing with the incident and with returning to work.\n        D. Reviewed the physical security and emergency preparedness risk/vulnerability\n           assessments and evaluated the security at the Echelon I building, Austin Campus,2\n           and Research Park Plaza IV building.\nII.     Determined whether the IRS took adequate preventative measures to secure the Echelon I\n        building and protect taxpayer data and Federal Government property following the\n        incident.\n        A. Identified the Internal Revenue Manual requirements for the protection of Federal\n           Government property and assets, taxpayer data, and other sensitive information,\n           including the security of the building and contractors with access to taxpayer records\n           and computer data and storage equipment.\n\n\n\n\n1\n All references to Austin in this report refer to Austin, Texas.\n2\n The data processing arm of the IRS. The campuses process paper and electronic submissions, correct errors, and\nforward data to the Computing Centers for analysis and posting to taxpayer accounts.\n                                                                                                        Page 14\n\x0c                           The Internal Revenue Service Adequately\n                       Prepared for and Responded to the Austin Incident\n\n\n\n       B. Identified measures used to limit access to the building to ensure that taxpayer data\n          and other sensitive information in the Echelon I building following the incident were\n          secured and protected from unauthorized disclosure.\n       C. Identified measures used to protect taxpayer records and computer data and storage\n          equipment during cleanup efforts.\nIII.   Determined whether the IRS complied with Interagency Security Committee standards\n       for the protection of employees, property, and taxpayer data at the temporary work\n       location (Austin Campus) and at the new Austin site.\n       A. Determined whether the IRS complied with Interagency Security Committee\n          standards for the protection of former Echelon I building employees housed in\n          temporary space at the Austin Campus.\n       B. Determined whether the IRS complied with Interagency Security Committee\n          standards at the new Austin site.\nIV.    Determined whether the IRS had previously developed and then adequately implemented\n       the IMP to coordinate its response to the incident.\n       A. Obtained the IMP for the Echelon I building and determined whether the contents of\n          the plan were current and included all of the items contained in the IMP template.\n       B. Reviewed the actions of the IMT and determined whether the team provided an\n          effective response to the incident.\nV.     Determined whether the IMT and the execution of the BRPs operated as intended in\n       recovering from the incident.\n       A. Determined the timeline for the incident response and the business resumption efforts\n          to resume normal IRS business operations.\n       B. Determined whether the BRPs were sufficient to ensure the IRS could recover from\n          the incident.\nInternal controls methodology\nInternal controls relate to management\xe2\x80\x99s plans, methods, and procedures used to meet their\nmission, goals, and objectives. Internal controls include the processes and procedures for\nplanning, organizing, directing, and controlling program operations. They include the systems\nfor measuring, reporting, and monitoring program performance. We determined the following\ninternal controls were relevant to our audit objective: IRS policies, procedures, and controls\nused in planning for and implementing emergency response plans and responding to emergency\nsituations. We evaluated these internal controls by: 1) interviewing management and other\nemployees involved in the response, 2) reviewing documentation maintained by people involved\n\n\n                                                                                        Page 15\n\x0c                            The Internal Revenue Service Adequately\n                        Prepared for and Responded to the Austin Incident\n\n\n\nin the response, and 3) making firsthand observations of physical security measures at the Austin\nCampus and Research Park Plaza IV building.\n\n\n\n\n                                                                                         Page 16\n\x0c                          The Internal Revenue Service Adequately\n                      Prepared for and Responded to the Austin Incident\n\n\n\n                                                                           Appendix II\n\n                Major Contributors to This Report\n\nNancy A. Nakamura, Assistant Inspector General for Audit (Management Services and Exempt\nOrganizations)\nAlicia P. Mrozowski, Director\nDarryl J. Roth, Audit Manager\nDavid P. Robben, Lead Auditor\nChinita M. Coates, Auditor\nBrett C. Thornock, Audit Evaluator\n\n\n\n\n                                                                                  Page 17\n\x0c                          The Internal Revenue Service Adequately\n                      Prepared for and Responded to the Austin Incident\n\n\n\n                                                                           Appendix III\n\n                         Report Distribution List\n\nDeputy Commissioner for Operations Support OS\nDeputy Commissioner for Services and Enforcement SE\nCommissioner, Large Business and International Division SE:LB\nCommissioner, Small Business/Self-Employed Division SE:S\nCommissioner, Wage and Investment Division SE:W\nActing Commissioner, Tax Exempt and Government Entities Division SE:T\nChief Technology Officer OS:CTO\nDirector, Employee Support Services OS:A:ESS\nDirector, Physical Security and Emergency Preparedness, Agency-Wide Shared Services\nOS:A:PSEP\nDirector, Procurement OS:A:P\nDirector, Real Estate and Facilities Management, Agency-Wide Shared Services OS:A:RE\nChief Counsel CC\nNational Taxpayer Advocate TA\nDirector, Office of Legislative Affairs CL:LA\nDirector, Office of Program Evaluation and Risk Analysis RAS:O\nOffice of Internal Control OS:CFO:CPIC:IC\nAudit Liaisons:\n       Chief, Agency-Wide Shared Services OS:A\n       Director, Physical Security and Emergency Preparedness, Agency-Wide Shared Services\n       OS:A:PSEP\n       Director, Procurement OS:A:P\n       Director, Real Estate and Facilities Management, Agency-Wide Shared Services\n       OS:A:RE\n\n\n\n\n                                                                                   Page 18\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\n                                                                                             Appendix IV\n\n                        Timeline of Incident Response\n\nFebruary 18, 2010         At 9:40 a.m. a single-engine airplane crashed into the Austin1 Echelon I\n                          building in Austin, Texas.\n                          The Commissioner\xe2\x80\x99s Representative for the building reported shortly after\n                          exiting the building that to his knowledge everyone in the building\n                          evacuated safely except one individual, a Small Business/Self-Employed\n                          Division manager.\n                          By 1:00 p.m., the IRS confirmed that one employee was missing.\n                          By 5:00 p.m., the Incident Commander arrived from Dallas, Texas, and\n                          took control of the scene from the Administrative Officer who was acting\n                          as the interim Incident Commander.\n                          Shortly after 10:00 p.m., the Incident Commander sent an email advising\n                          that the IRS Commissioner had placed all Echelon I building employees\n                          on administrative leave and authorized employees with an Austin post of\n                          duty the use of liberal leave.\nFebruary 19, 2010         The Emergency Operation Center was opened at the Austin Campus and\n                          the members of the IMT began meeting.\n                          The first of the twice daily conference calls with the Echelon I building\n                          employees began.\nFebruary 20, 2010         The Incident Commander asked two additional SCRs to join the IMT as\n                          Operations and Planning Section Chiefs.\n                          The IMT developed an assessment form for the Echelon I building\n                          employees to identify their needs.\nFebruary 22, 2010         A \xe2\x80\x9cOne-Stop Shop\xe2\x80\x9d was set up at the Austin Campus. The One-Stop Shop\n                          was staffed with Human and Employee Relations specialists from the IRS\n                          Benefits and Services Team, Employee Assistance Program,2 and IRS\n                          Worker\xe2\x80\x99s Compensation Center. Assistance packets were given to each\n\n1\n All references to Austin in this report refer to Austin, Texas.\n2\n The Employee Assistance Program is a free benefit program that provides confidential services to IRS managers,\nemployees, and their family members. The program provides access to a nationwide counseling network to help\nemployees deal with a variety of personal and work-related problems.\n                                                                                                        Page 19\n\x0c                                   The Internal Revenue Service Adequately\n                               Prepared for and Responded to the Austin Incident\n\n\n\n                             Echelon I building employee and included a survey requesting employee\n                             needs.\nFebruary 22, 2010            The Secretary of the Treasury and IRS Commissioner met privately with\n                             Echelon I building employees.\nFebruary 23, 2010            The IRS initiated the procurement process to select a vendor for asset\n                             recovery.\nFebruary 24, 2010            GSA and IRS Real Estate and Facilities Management employees began a\n                             market survey to identify sites for a new office building where temporary\n                             space could be leased for the Echelon I building employees.\nFebruary 26, 2010            The potential recovery/restoration contractor received necessary\n                             clearances to enter the building to determine projected cost estimates for\n                             document recovery and restoration.\n                             The IRS identified workstations at the Austin Campus for interim\n                             placement of the Echelon I building employees until a new office space\n                             could be leased.\nMarch 3, 2010                The IRS selected the Research Park Plaza IV building as the temporary\n                             (18-24 month lease) office location to replace the Echelon I building.\n                             The IRS began deploying laptops to the Echelon I building employees.\n                             All laptops were scheduled to be deployed by March 5, 2010.\nMarch 8, 2010                Echelon I building employees returned to work.\nMarch 11, 2010               The Incident Commander moved the Emergency Operation Center to\n                             Dallas, Texas, from which the Incident Commander and staff monitored\n                             the incident.\n                             The document salvage contract was awarded and asset recovery began the\n                             following day.\nJune 2, 2010                 The contractor delivered the first shipment of salvaged documents.3\nJuly 6, 2010                 All Echelon I building employees were successfully moved into the new\n                             offices at Research Park Plaza IV building in Austin.\nJuly 28, 2010                The IRS received the final shipment of documents from the document\n                             salvage contractor.\n\n\n\n\n3\n    This includes sensitive documents and personal effects damaged in the Austin incident.\n                                                                                                 Page 20\n\x0c                                The Internal Revenue Service Adequately\n                            Prepared for and Responded to the Austin Incident\n\n\n\n                                                                                              Appendix V\n\n    Key Lessons Learned From the Incident Response\n\nThe IMT solicited lessons learned from key participants involved with the response and prepared\na list of lessons learned. This list included positive lessons learned and areas that can be\nimproved. We also discussed lessons learned with key participants and IRS executives. We\nreviewed the list and identified the key lessons learned that the IRS documented.\n\nLessons Learned \xe2\x80\x93 Positive\n    \xe2\x80\xa2   Evacuation of the Echelon I Building proceeded as outlined in the OEP, as practiced\n        through drills, and was completed within minutes of the attack. The IRS credited the\n        seriousness that the Echelon I building employees applied towards the evacuation drills\n        as an important factor in the rapid building evacuation.\n    \xe2\x80\xa2   The Incident Commander made a decision to bring in two additional SCRs to assume the\n        roles of the Planning Section and Operation Section Chiefs of the IMT. This meant that\n        these vital roles were staffed with IRS employees who had prior experience in providing\n        support and direction in emergency response situations.\n    \xe2\x80\xa2   An Employee Information Sheet was created and used to quickly capture Echelon I\n        building employee needs (e.g., equipment needs, reasonable accommodation needs, and\n        other special needs). Surveys of the Echelon I building employees facilitated the\n        provision of the tools and resources employees needed to return to work.\n    \xe2\x80\xa2   Established a Damage Assessment Retrieval Team that directly reported to the Incident\n        Commander, instead of through the Operations Section Chief. Due to the severity of the\n        incident, separating this section proved valuable, allowing the Incident Commander to be\n        fully informed.\n    \xe2\x80\xa2   The availability of office space at the Austin, Texas,1 Campus2 as well as the extensive\n        support from the Austin Campus Director and Site Coordinator were valuable resources\n        for the IMT.\n    \xe2\x80\xa2   Twice daily conference calls were initiated with the Echelon I building employees to\n        keep the employees up to date on the status of the incident response.\n\n\n\n1\n All references to Austin in this report refer to Austin, Texas.\n2\n The data processing arm of the IRS. The campuses process paper and electronic submissions, correct errors, and\nforward data to the Computing Centers for analysis and posting to taxpayer accounts.\n                                                                                                        Page 21\n\x0c                                 The Internal Revenue Service Adequately\n                             Prepared for and Responded to the Austin Incident\n\n\n\n    \xe2\x80\xa2    A network of external sources was identified and established with numerous other\n         Federal and State agencies who offer assistance to trauma victims of disasters or\n         emergencies. For example, the Federal Bureau of Investigation\xe2\x80\x99s Victim Assistance Unit,\n         the State of Texas, and the National Transportation Safety Board all offered and provided\n         IRS employee assistance. This also assisted the IRS in obtaining a list of retrieval and\n         restoration contractors and expedited the issuance of a contract.\n    \xe2\x80\xa2    \xe2\x80\x9cOne-Stop Shop\xe2\x80\x9d service was provided to Echelon I building employees. Specialists\n         were onsite at the Austin Campus for the following areas: counseling services,\n         workmen\xe2\x80\x99s compensation claims,3 personal property claims, Social Security card\n         replacement, and the Federal Bureau of Investigation\xe2\x80\x99s Victims Assistance Unit. An\n         employee packet of these pertinent materials and forms was issued or mailed to every\n         affected employee.\n    \xe2\x80\xa2    IRS employees nationwide with prior experience in providing direction during\n         emergency situations were identified. This was a critical human capital aspect because it\n         significantly expedited the IRS response and recovery.\n    \xe2\x80\xa2    The emotion and sensitivity of this type of event, and the sense of personal loss, were\n         acknowledged and recognition of the fact that the IRS could not return immediately to\n         \xe2\x80\x9cbusiness as usual\xe2\x80\x9d was affirmed.\n\nLessons Learned \xe2\x80\x93 Areas That Can Be Improved\n    \xe2\x80\xa2    The sign-in log for the Echelon I building was limited to taxpayers. IRS employees and\n         contract employees/vendors assigned to other buildings were not required to sign in when\n         visiting the Echelon I building; therefore, there was no way to determine who else was in\n         the building at the time of the incident.\n    \xe2\x80\xa2    Some Echelon I building employees left the premises, which made it difficult to\n         determine which employees were in the building at the time of the event.\n    \xe2\x80\xa2    An override is needed for door codes in the event of an emergency. Floor wardens were\n         unable to see the door codes due to the smoke.\n    \xe2\x80\xa2    Policies enacted due to emergency situations that affect taxpayer accounts must be timely\n         communicated with taxpayers for effective tax administration.\n    \xe2\x80\xa2    Communications need to be issued periodically stressing the importance of sending\n         records to the archive or disposing of records when no longer needed. The number of\n\n3\n The Federal Employees\xe2\x80\x99 Compensation Act, under the authority of United States Code (5 U.S.C. \xc2\xa7 8101\net. seq.) and the Code of Federal Regulations (20 C.F.R. Parts 1 and 10), provides compensation benefits to\ncivilian employees of the United States for disability due to personal injury or disease sustained while in the\nperformance of duty.\n                                                                                                              Page 22\n\x0c                         The Internal Revenue Service Adequately\n                     Prepared for and Responded to the Austin Incident\n\n\n\n    documents that needed to be recovered may have been unnecessarily increased due to\n    documents that could have been archived or disposed of earlier.\n\xe2\x80\xa2   Define, develop, and deliver training to the IRS business units so they have a better\n    understanding of vital records.\n\xe2\x80\xa2   A policy library needs to be established to keep all policies enacted as a result of the\n    incident for future IMT reference.\n\xe2\x80\xa2   IRS employees need to understand their liability if personal property in the workplace is\n    destroyed.\n\xe2\x80\xa2   Business continuity plans need to be updated based on actions taken by the IMT to\n    reestablish the critical functions affected by the Austin incident.\n\xe2\x80\xa2   Managers and employees have a lot of work-related information on their computers. It\n    would ease future business resumptions if there was a continual backup of this\n    information.\n\n\n\n\n                                                                                         Page 23\n\x0c            The Internal Revenue Service Adequately\n        Prepared for and Responded to the Austin Incident\n\n\n\n                                                   Appendix VI\n\nManagement\xe2\x80\x99s Response to the Draft Report\n\n\n\n\n                                                            Page 24\n\x0c    The Internal Revenue Service Adequately\nPrepared for and Responded to the Austin Incident\n\n\n\n\n                                                    Page 25\n\x0c    The Internal Revenue Service Adequately\nPrepared for and Responded to the Austin Incident\n\n\n\n\n                                                    Page 26\n\x0c'